Mobile login

When the Onegini IDP is configured to work with the Onegini Token Server, it is possible to use its Mobile Authentication functionality to
enable end-users to log in using their mobile devices. Mobile authentication is one of the features offered by the Onegini Token Server
component. It is an out-of-band authentication mechanism. End-users use their mobile device, possibly in combination with an additional
authentication mechanism such as a PIN or fingerprint, to prove their identity.

Below you can see the flow diagram for mobile login:

What is required?

To successfully complete this topic guide, you need to ensure the following prerequisites are met:

An Onegini IDP instance must be running. For the sake of this guide, we assume it is available at the http://localhost address.

Configuration

Mobile login requires access to the Onegini Token Server API. This can be configured via the Onegini IDP admin panel.
Please refer to the Onegini Token Server configuration for more details about setting up the configuration with the
Token Server.

Mobile login uses an Authorization Token that is saved in a cookie in the user's browser. The maximum time during which mobile login can be
performed, after it has been established that it is available for a person, is set via the authorization token expiration time property, which is described in the
properties section.

Admin

To use the mobile login functionality, it needs to be enabled and configured within the Onegini IDP admin panel (Configuration -> Identity Providers).
The configuration page contains the following fields:

| Field name | Description |
|---|---|
| Mobile Login enabled | Enables/disables mobile login. |
| Show Allow Mobile login for this device login option | If enabled, the end-user will see a checkbox on the login page where they can decide whether or not they want to use the mobile login feature from their current device. |
| Authentication level | You can give the mobile login feature a specific authentication level or use the authentication level of the previous authenticator that the end-user used before logging in with mobile login. |